The Indian Computer Emergency Response Team (CERT-In) has discovered multiple vulnerabilities in Google Chrome and Apple Safari browsers. The vulnerabilities could allow remote attackers to gain access to users’ devices and sensitive data. The agency has advised users to update to the latest version of Chrome and Safari.
According to the CERT-In, all Google Chrome versions older than 84.0.4147.89 have been affected by the security loophole. The agency has rated the severity rating of the issue as “High”. For Apple users, all Safari versions older than 13.1.2 are at high risk.
The CERT-In said that the vulnerabilities in Google Chrome could allow a remote attacker to gain access to sensitive information of a user. The attacker could also exploit the vulnerabilities to launch Denial of Service (DoS) attacks on a targeted system.
“Multiple vulnerabilities have been reported in Google Chrome that could allow remote attacker to execute arbitrary code, bypass security restrictions, access sensitive information, contact spoofing attack and denial of service (DoS) attack on the targeted system,” the CERT-In said on its website.
For Apple, the agency said that the vulnerabilities in Safari could enable remote attackers to conduct cross-site scripting attacks.
“Multiple vulnerabilities have been reported in Apple Safari that could allow remote attacker to execute arbitrary code, perform cross site scripting attacks or cause URL Unicode encoding on a targeted system,” the agency said in a separate advisory.
Google users can download or update to the latest version (84.0.4147.89) of Chrome. The update is already rolling to Chrome users. Google had confirmed the update featured as many as 38 security fixes for Chrome users.
Apple has also begun rolling out the Safari version 13.1.2 which is available for macOS Mojave and macOS High Sierra and included in macOS Catalina.